openSUSE: 2024:0123-1 Critical Update for Chromium Browser Security
opensuse
May 13, 2024
An update that fixes 35 vulnerabilities is now available
Description
This update for chromium fixes the following issues:
- Chromium 124.0.6367.201
* CVE-2024-4671: Use after free in Visuals
- Chromium 124.0.6367.155 (boo#1224045)
* CVE-2024-4558: Use after free in ANGLE
* CVE-2024-4559: Heap buffer overflow in WebAudio
- Chromium 124.0.6367.118 (boo#1223846)
* CVE-2024-4331: Use after free in Picture In Picture
* CVE-2024-4368: Use after free in Dawn
- Chromium 124.0.6367.78 (boo#1223845)
* CVE-2024-4058: Type Confusion in ANGLE
* CVE-2024-4059: Out of bounds read in V8 API
* CVE-2024-4060: Use after free in Dawn
- Chromium 124.0.6367.60 (boo#1222958)
* CVE-2024-3832: Object corruption in V8.
* CVE-2024-3833: Object corruption in WebAssembly.
* CVE-2024-3834: Use after free in Downloads. Reported by ChaobinZhang
* CVE-2024-3837: Use after free in QUIC.
* CVE-2024-3838: Inappropriate implementation in Autofill.
* CVE-2024-3839: Out of bounds read in Fonts.
...
Read the Full Advisory
Patch
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2024-123=1
Package List
- openSUSE Backports SLE-15-SP5 (aarch64 x86_64):
chromedriver-124.0.6367.201-bp155.2.78.1
chromium-124.0.6367.201-bp155.2.78.1
References
https://www.suse.com/security/cve/CVE-2024-2625.html
https://www.suse.com/security/cve/CVE-2024-2626.html
https://www.suse.com/security/cve/CVE-2024-2627.html
https://www.suse.com/security/cve/CVE-2024-2628.html
https://www.suse.com/security/cve/CVE-2024-2883.html
https://www.suse.com/security/cve/CVE-2024-2885.html
https://www.suse.com/security/cve/CVE-2024-2886.html
https://www.suse.com/security/cve/CVE-2024-2887.html
https://www.suse.com/security/cve/CVE-2024-3156.html
https://www.suse.com/security/cve/CVE-2024-3157.html
https://www.suse.com/security/cve/CVE-2024-3158.html
https://www.suse.com/security/cve/CVE-2024-3159.html
https://www.suse.com/security/cve/CVE-2024-3515.html
https://www.suse.com/security/cve/CVE-2024-3516.html
https://www.suse.com/security/cve/CVE-2024-3832.html
https://www.suse.com/security/cve/CVE-2024-3833.html
https://www.suse.com/security/cve/CVE-2024-3834.html
https://www.suse.com/security/cve/CVE-2024-3837.html
https://www.suse.com/security/cve/CVE-2024-3838.html
https://www....
Read the Full Advisory
PREVIOUS 
NEXT Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2024:0123-1
Rating: important
Affected Products: openSUSE Backports SLE-15-SP5 .
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!